A 32-year-old Seattle man is behind bars while awaiting a federal hacking trial for launching a DDoS attack. He is being held without bail on allegations that he attacked a US-based legal services website to force it to remove a link to a case citation about his past criminal conduct. The authorities also say the suspect launched distributed denial of service attacks on various overseas media outlets for not removing stories about his credit-card scam and other crimes.

The FBI says that the day after a DDoS attack in January, 2015, the suspect sent an e-mail to Leagle.com pretending to be the hacking group Anonymous. The e-mail explained that the DDoS attack was launched because the defendant, Kamyar Jahanrakhshan, "is being unjustly victimised by you" for not abiding by his numerous requests to remove the link and even pay $100 in cash to get the job done.

The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?

This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.

But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.

The historical, reactive model of security was a bunch of perimeter controls. With intelligence-driven security, the controls have to be much more agile and react to circumstances in real time. To create a defense in depth strategy, you need to anticipate attacks, to stop attacks before they start, and if you can't stop them, you have to detect an attack when it's in progress. If you can't detect an attack, then you need to be able to prevent a wholesale breach. If you can't prevent a breach, then you have to be able to detect that a breach has occurred, and respond quickly enough to prevent loss or disruption.

It's a fact of modern life that many of us forget—the phones, computers, and other connected devices we depend on can often be used against us as secret listening devices. On Tuesday, attention turned to the Amazon Echo, with a demonstration that showed how hackers can convert some models into devices that can surreptitiously record our most intimate moments.

To be clear, the hack works only against older models of Amazon Echoes. It also requires physical access to the device by a hacker with above-average skills in Linux and embedded hardware systems. That means people aren't likely to be exposed to such attacks unless they own a 2015 or 2016 device and are a target of interest to the Central Intelligence Agency, a similar nation-sponsored spy group, an advanced corporate espionage operation, or a highly determined stalker.

It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

In July, Sonatype released their third annual State of the Software Supply Chain report concluding that when organisations actively manage the quality of open source components in software applications they see a 28% improvement in developer productivity (through reduction in manual governance), a 30% reduction in overall development costs, and a 48% increase in application quality (as application vulnerabilities are removed early reducing their incidence in production). Analysis also showed that applications built by teams utilising automated governance tools reduced the percentage of defective components by 63%.

Not a week goes by without WikiLeaks unveiling some more condemning evidence of the CIA’s malware tools. The latest reveal is Aeris, an automated implement which affects many different distributions of the Linux operating system. This particular tool packs quite a lot of features under the hood in an effort to gather as much intelligence as possible. This is surely not the last tool of its kind we will meet.

​Linux distro is mostly loved for its security features. When we people want more security we use TOR and VPN. Today I am going to tell you about an application called Firejail that helps to protect your personal files via sandbox technique.

​Firejail is a sandbox application built for Linux distros which uses the capabilities of Linux kernel to use namespace separation. In the simplest sense, apps launched through Firejail cannot access your personal files on your hard drive. Isn’t that cool? Cool and safe!

At Def Con’s hacker voting machine village, where 30 pieces of election equipment sat waiting, hackers were given a deliciously wicked goal. John Hopkins computer scientist Matt Blaze said, “We encourage you to do stuff that if you did on election day they would probably arrest you.”

And they did. Most of the voting machines were purchased via eBay, but some did come from government auctions. Despite the various different manufacturers of the voting equipment boxes, there was a common theme—they are “horribly insecure.”

Granted, come election day, officials would likely notice if hackers were physically taking apart the machines. Tinkering with an external USB port on a computerized voting box and using it to upload malicious software may or may not get noticed. Yet those are not the only ways hackers could potentially influence votes and an election’s outcome; there’s the sneaky way of remotely accessing the machine from a laptop.

The DEF CON 25 security conference is famous for its wide variety and number of security sessions and events. Not everyone can be in every session and some even choose to watch remotely, which is where DEF CON TV (DCTV) comes into play.

DCTV streamed several sessions from the event, both to local hotels as well as the outside internet. Securely setting up and managing the DCTV streaming is no easy task, but it's one that DEF CON hackers put together rapidly.

Microsoft refuses to fix the issue properly because there is a "simple command everyone can execute" but has not (to my knowledge) told anyone about this command because everyone assumes the issue has been fixed by KB4022715 and KB4022725

The reason I'm frustrated is because if these things were designed this way, I would WANT them. I really wish my washing machine would tell me when the wash is done because I am EXTREMELY bad at remembering to go check on it. But I can't buy that, I can't buy something that just has a $5 microprocessor with just enough intelligence to connect to the internet and send me an email or a push notification if the buzzer on the washer goes off. The only thing I can buy is a washing machine that's had a horrible, unreliable PC full of quarter-baked software crammed into it which will stop working when some godforsaken cloud service is "sunset", and which is so dependant on the reliability and trustworthiness of the software on the computer that if someone hacks it or the software has a bug, the washer can start spraying water at me when I have the loading door open.

Svpeng, designed to steal banking information through different means, now embeds itself in Android's accessibility services — the software that helps users with disabilities navigate devices and apps, the cybersecurity firm said. So Svpeng is now able to steal any data in a text box and log all keystrokes.

The upcoming version of the Transport Layer Security (TLS) protocol promises to be a game changer for web encryption. It will deliver increased performance, better security and less complexity. Yet many website operators could shun it for years to come.

TLS version 1.3 is in the final stages of development and is expected to become a standard soon. Some browsers, including Google Chrome and Mozilla Firefox, already support this new version of the protocol on an opt-in basis and Cloudflare enables it by default for all websites that use its content delivery network.

The malware is a variant of the Mirai botnet. Mirai infected internet-connected security cameras and coordinated them to repeatedly access the same server at the same time. The traffic would overwhelm the targeted server with requests and knock it offline. That type of attack is known as a distributed denial of service (DDoS).

The Mirai malware has become notorious for recruiting Internet of Things devices to form botnets that have launched some of the largest distributed denial-of-service (DDoS) attacks recorded to date. Mirai came onto the scene in late 2016 as the malware behind very large DDoS attacks, including a 650 Mbps attack on the Krebs on Security site. It's also purported to have been the basis of the attack in October 2016 that brought down sites including Twitter, Netflix, Airbnb and many others. Since then, Mirai has morphed into an even more aggressive and effective botnet tool.

When the research team at Imperva accessed the Incapsula logs after the Krebs attacks last fall, they found that, indeed, the Mirai botnet had been active well before the notorious September attack. Imperva discovered a botnet of nearly 50,000 Mirai-infected devices spread throughout 164 countries, with the top-infected countries identified as Vietnam, Brazil and the United States. But even before Mirai became public, the Imperva team saw vulnerable IoT devices as a problem in the making.

A 20-year-old flaw in the server message block protocol used in Windows has been uncovered by two researchers who presented the details of their finding at last week's DEFCON security conference in Las Vegas.

IT scandal turns into political crisis for Swedish government following outsourcing of Swedish Transport Agency contract

It’s not often that an IT security breach leads to the departure of two government ministers. But that is just what has happened in Sweden in the aftermath of a series of disclosures about a data breach and an outsourced IT contract.

Hackers {sic} at at a competition in Las Vegas were able to successfully breach the software of U.S. voting machines in just 90 minutes on Friday, illuminating glaring security deficiencies in America's election infrastructure.

The Swedish IT leak scandal has caused a governmental crisis: even when having every kind of self-interest to read up on IT security, today’s politicians just can’t get it right. The Swedish leak where classified data and networks were outsourced outside the European Union was not an isolated incident, but a pervasive pattern where things are kept safe mostly by good luck and the occasional person who knows their stuff fixing things properly out of pure subordination. This week, the opposition leader stated that the physical location of a server is of no importance as far as security goes.

We all know what CIA is capable of but what WikiLeaks has been publishing lately under the Vault 7 leaks series is simply astonishing. According to the latest set of information provided by WikiLeaks in its ongoing Vault 7 leaks saga, the CIA developed three dangerous malware for Linux and macOS systems.

A two and a half year joint operation between the Australian Federal Police (AFP), Federal Bureau of Investigation (FBI) and Toronto Police Department has resulted in a 37-year-old Seattle man being arrested in connection with serious offences relating to distributed denial of service attacks on IT systems.

It's not often that a security researcher devises an attack that can unleash a self-replicating attack which, with no user interaction, threatens 1 billion smartphones. But that's just what Nitay Artenstein of Exodus Intelligence did in a feat that affected both iOS and Android devices.

At the Black Hat security conference, Artenstein demonstrated proof-of-concept attack code that exploited a vulnerability in Wi-Fi chips manufactured by Broadcom. It fills the airwaves with probes that request connections to nearby computing devices. When the specially devised requests reach a device using the BCM43xx family of Wi-Fi chipsets, the attack rewrites the firmware that controls the chip. The compromised chip then sends the same malicious packets to other vulnerable devices, setting off a potential chain reaction. Until early July and last week—when Google and Apple issued patches respectively—an estimated 1 billion devices were vulnerable to the attack. Artenstein has dubbed the worm "Broadpwn."

At the Black Hat security conference on Thursday, a team of researchers from Alibaba Security demonstrated how sound and ultrasound could be used to attack devices that depend on sensor input from gyroscopes, accelerometers, and other microelectromechanical systems (MEMS). A sonic "gun" could in theory be used to knock drones out of the sky, cause robots to fail, disorient virtual or augmented reality software, and even knock people off their "hoverboard" scooters. It could also potentially be used to attack self-driving cars or confuse air bag sensors in automobiles.

Many of the commercial gyroscope sensors in electronic devices are tuning fork gyroscopes—MEMS devices that use the vibrations of two "proof masses" to track rotation and velocity. But an outside source of vibration matching the resonant frequency of the gyroscope could interfere with the sensor's stability and cause the sensor to send bad data to the device it is embedded in.

Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users' e-mail, text messages, locations, voice calls, and other sensitive data.

On Wednesday morning we reported on the arrest of a Russian man suspected of running a $4 billion dollar money laundering scheme. Later in the day, US officials released the indictment against the suspect, Alexander Vinnik.

This Linux-Windows integration makes it tempting to use tools like Wine (which, for the record, was created long before Microsoft became so Linux-friendly) to integrate Windows programs seamlessly into Linux-based systems as a convenience for the user.

This integration comes at a cost. Merging Windows and Linux environments creates new potential attack vectors and security complications, as the Bad Taste vulnerability shows.

WikiLeaks has published three new alleged CIA hacking tools as part of its new Vault 7 dump. The alleged CIA project dubbed "Imperial" includes three hacking tools named Achilles, Aeris and SeaPea that target Mac and Linux operating systems (OS). While Achilles and SeaPea target Mac OS, Aeris targets Linux.

The top software product from Raleigh-based Red Hat is the target of a hacking tool developed by the CIA, according to documents published by WikiLeaks.

Red Hat Enterprise Linux is one of the world's most popular software platforms used by global financial firms, and services related to RHEL is among Red Hat's most profitable revenue streams. Red Hat is the world's best-known developer of Open Source Linux software.

"Red Hat is aware of the information around the Aeris tool, which was part of the document dump recently published by Wikileaks, and we are investigating the reports," a spokesperson for Red Hat told WRAL TechWire.

In addition, the identities of people working undercover for the Swedish police and the Swedish security service, known as Sapo, may have been revealed, along with names of people working undercover for the special intelligence unit of the Swedish armed forces.

Aquabox took the bait, and asked the FBI agents to upload a screen shot of the bug they’d found. As noted in this September 2015 story, the FBI agents uploaded the image to file-sharing giant Sendspace.com and then subpoenaed the logs from Sendspace to learn the Internet address of the user that later viewed and downloaded the file.

With the increasing rise in the intensity and volume of online threats, our computers and smartphones are becoming more prone to attacks. In such situations, it becomes necessary to look for a capable antivirus solution to make sure that your online life is safe and sound. Along the similar lines, Russian cybersecurity giant has released a free version of its antivirus named Kaspersky Free.

For some reason, this keeps happening and I will never understand why. For years, we have covered incidents where security researchers benignly report security flaws in the technology used by companies and governments, doing what can be characterized as a service to both the public and those entities providing the flawed tools, only to find themselves threatened, bullied, detained, or otherwise dicked with as a result. It's an incredibly frustrating trend to witness, with law enforcement groups and companies that should want to know about these flaws instead shooting the messenger in what tends to look like a fit of embarrassment.

Traditional computers are binary digital electronic devices based on transistors. They store information encoded in the form of binary digits each of which could be either 0 or 1. Quantum computers, in contrast, use quantum bits or qubits to store information either as 0, 1 or even both at the same time. Quantum mechanical phenomenons such as entanglement and tunnelling allow these quantum computers to handle a large number of states at the same time.

Quantum computers are probabilistic rather than deterministic. Large-scale quantum computers would theoretically be able to solve certain problems much quicker than any classical computers that use even the best currently known algorithms. Quantum computers may be able to efficiently solve problems which are not practically feasible to solve on classical computers. Practical quantum computers will have serious implications on existing cryptographic primitives.

Today, July 27th 2017, WikiLeaks publishes documents from the Imperial project of the CIA.

Achilles is a capability that provides an operator the ability to trojan an OS X disk image (.dmg) installer with one or more desired operator specified executables for a one-time execution.

Aeris is an automated implant written in C that supports a number of POSIX-based systems (Debian, RHEL, Solaris, FreeBSD, CentOS). It supports automated file exfiltration, configurable beacon interval and jitter, standalone and Collide-based HTTPS LP support and SMTP protocol support - all with TLS encrypted communications with mutual authentication. It is compatible with the NOD Cryptographic Specification and provides structured command and control that is similar to that used by several Windows implants.

More in Tux Machines

Linux: To recurse or not

Linux and recursion are on very good speaking terms. In fact, a number of Linux command recurse without ever being asked while others have to be coaxed with just the right option. When is recursion most helpful and how can you use it to make your tasks easier? Let’s run through some useful examples and see.

today's leftovers

MX Linux Review of MX-17. MX-17 is a cooperative venture between the antiX and former MEPIS Linux communities. It’s XFCE based, lightning fast, comes with both 32 and 64-bit CPU support…and the tools. Oh man, the tools available in this distro are both reminders of Mepis past and current tech found in modern distros.

Samsung stopped the distribution of the Android 8.0 Oreo operating system update for its Galaxy S8 and S8+ smartphones due to unexpected reboots reported by several users.
SamMobile reported the other day that Samsung halted all Android 8.0 Oreo rollouts for its Galaxy S8/S8+ series of Android smartphones after approximately a week since the initial release. But only today Samsung published a statement to inform user why it stopped the rollouts, and the cause appears to be related to a limited number of cases of unexpected reboots after installing the update.

The Xen Project is comprised of a diverse set of member companies and contributors that are committed to the growth and success of the Xen Project Hypervisor. The Xen Project Hypervisor is a staple technology for server and cloud vendors, and is gaining traction in the embedded, security and automotive space. This blog series highlights the companies contributing to the changes and growth being made to the Xen Project and how the Xen Project technology bolsters their business.

A few days back I reported on Intel Icelake patches for the i965 Mesa driver in bringing up the OpenGL support now that several kernel patch series have been published for enabling these "Gen 11" graphics within the Direct Rendering Manager driver. This Icelake support has been quick to materialize even with Cannonlake hardware not yet being available.

Introduced as part of LunarG's recent Vulkan SDK update is the VLF, the Vulkan Layer Factory.
The Vulkan Layer Factory aims to creating Vulkan layers easier by taking care of a lot of the boilerplate code for dealing with the initialization, etc. This framework also provides for "interceptor objects" for overriding functions pre/post API calls for Vulkan entry points of interest.